When it comes to election security, it’s hard not to think of the United States as a proverbial dumpster fire. Kids as young as 11 are able to hack voting machines in fewer than 10 minutes. U.S. intelligence agencies warn that Russia plans to interfere with citizens casting votes, including through social-engineering disinformation campaigns. And while some states are taking steps to secure their voting processes, many are not.
As California’s secretary of state, Alex Padilla, told me in August, securing elections is a multipart problem that requires coordination between voting officials, federal, state, and local agencies, and cybersecurity experts. And his biggest concern is securing funding, as the most recent federal investment in election modernization and security was the Help America Vote Act of 2003.
“For Congress to only invest in election modernization and security once every 15 years doesn’t cut it,” he said.
READ MORE ON ELECTION HACKING
Why current funding to secure U.S. elections ‘doesn’t cut it’ (Q&A)
There’s more to election integrity than secure voting machines
Mueller’s indictment of election hackers a cybersecurity ‘wake-up call’
For want of a VPN, Guccifer 2.0 was lost
Facebook’s Stamos on protecting elections from hostile hackers (Q&A)
For decade-old flaws in voting machines, no quick fix
Post-recount, experts say electronic voting remains ‘shockingly’ vulnerable
Can your vote be hacked—after you cast it?
While securing funds is as important as securing voting machines, there’s more to election security than getting stakeholders in the room. To prevent voting-machine hacks, voting systems have to be better secured. They also have to produce a paper trail. Not all machines do that, and not all machines have patchable systems.
Beyond the technical problems of securing votes, there’s the nebulous and hard-to-stop problem of social engineering.
Padilla said there “absolutely” was “a concerted, massive disinformation campaign conducted by the Russian government to create chaos, sew doubts, and undermine confidence” in the election process. Some nations, like France, have had success in fighting social-engineering disinformation campaigns designed to disrupt elections. But it’s hardly easy.
As part of our mission to highlight the most important cybersecurity and privacy issues of the day at the community level, Javelin Strategy and Research, New Context, Rain Capital, and The Parallax are proud to announce the second event in our Context Conversations speaker series, following our first in September on health care, as well as our Enigma Interviews series last year.
On the eve of this year’s midterm election, at 7 p.m. PST on Monday, November 5, at the Digital Garage in San Francisco, I’ll moderate an on-stage conversation between Ben Adida, founder of secure-voting system Helios, and Chris Jerdonek, chairman of the San Francisco Elections Commission’s Open Source Voting System Technical Advisory Committee. We’ll discuss voting-machine vulnerabilities, effective social-engineering tactics, and ways to secure elections while respecting democratic values.
Ben Adida has more than two decades of experience as a software developer. In addition to serving as vice president of engineering at educational-software company Clever, he oversees Helios, a Web-based voting system he developed to be both private and verifiable.
After receiving a Ph.D. in computer science from the Cryptography and Information Security group at the Massachusetts Institute of Technology, Adida served as a post-doctoral fellow on Web security, privacy, and voting systems at Harvard University. He has also been an engineering director at Mozilla, which makes Firefox, and mobile-payments company Square.
Like Adida, Chris Jerdonek can code. And he’s been active in election reform for more than 15 years. He has served as a polling-place inspector in San Francisco 19 times. More than a decade ago, he drafted a ranked-choice voting charter amendment that passed in Oakland. In 2015 and 2017, he served as president of the San Francisco Elections Commission. And he now chairs its five-member Open Source Voting System Technical Advisory Committee.
Since attending Harvard undergrad and earning a Ph.D. in mathematics from the University of California at Davis, Jerdonek has contributed code to many open-source projects, including Python, Django, Mercurial, and WebKit. He recently co-founded a software development startup called Shotwell Labs.